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About This Guide 


This Internet Protocol version 6 (IPv6) Administration Guide provides information about the basic 
features of IPv6, transition mechanisms from IPv4, and how to set up the IPv6 network. Novell 
IPv6 now ships with Novell® TCP/IP stack as an additional component. 


This guide is divided into the following sections: 
+ Chapter 1, “Understanding IPv6,” on page 9 
+ Chapter 2, “Transitioning from IPv4 to IPv6,” on page 15 
+ Chapter 3, “Setting Up Novell IPv6,” on page 21 
+ Chapter 6, “Using Novell IPv6 in Your Network,” on page 43 
+ Chapter 7, “Frequently Asked Questions,” on page 47 


Documentation Updates 


For the most recent version of the Novell Netware IPv6 Administration Guide for OES, see the 
Novell online documentation (http://www.novell.com/documentation/oes/index.html?page=/ 
documentation/oes/ipv6/data/front.html#bktitle) 


Documentation Conventions 


In Novell documentation, a greater-than symbol (>) is used to separate actions within a step and 
items in a cross-reference path. 


In this documentation, a trademark symbol E TM, etc.) denotes a Novell trademark. An asterisk 
(*) denotes a third-party trademark. 


When a single pathname can be written with a backslash for some platforms or a forward slash for 
other platforms, the pathname is presented with a backslash. Users of platforms that require a 
forward slash, such as UNIX*, should use forward slashes as required by your software. 


User Comments 


We want to hear your comments and suggestions about this manual and the other documentation 
included with this product. Please use the User Comment feature at the bottom of each page of the 
online documentation, or go to www.novell.com/documentation/feedback.html and enter your 
comments there. 
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Understanding IPv6 


IPv6 is a network layer protocol that resolves the inherent IPv4 problems and incorporates many 
enhancements. IPv6 solves the Internet scaling problem (addresses), provides a flexible transition 
mechanism, meets the needs of mobile users, and supports automatic configuration (plug-and- 


play). 

This chapter provides the following information about IPv6: 
+ Understanding IPv6 (page 9) 
+ Comparing IPv4 and IPv6 (page 12) 
+ Implementing Novell IPv6 (page 12) 


Understanding IPv6 


With the unprecedented growth of the Internet and the steady increase of users who use the Internet 
for varied services, there is a need to increase the Internet address spaces. This is to facilitate real- 
time traffic, flexible congestion control schemes, security, and privacy. The emerging range of 
network intelligent devices such as mobile phones and home area networks, has further 
accentuated the need for larger address spaces. 


IPv6 aims to provide larger address spaces to overcome the shortcomings of IPv4. To ensure that 
IPv6 provides all the features that IPv4 does not, the Internet Engineering Task Force (IETF) 
revisited the definition and functionality that IPv4 offered. IPv6 is designed to produce a 
streamlined format while integrating support for emerging services such as expanded address 
configuration, quality of service, security, and support for mobile devices. 


This section explains the following: 
+ IPv6 Header Format (page 9) 
+ IPv6 Addressing (page 10) 
+ IPv6 Security (page 11) 
+ IPv6 Routing (page 11) 
+ Quality-of-Service Capabilities (page 11) 
+ Address Auto Configuration (page 11) 


IPv6 Header Format 


Unlike in IPv4, IPv6 options are placed in separate extension headers and are located between the 
IPv6 headers and the transport layer headers. IPv6 does not require all the routers on a path to 
examine these header options. The redundant fields from the IPv4 header have been removed for 
IPv6. These improvements enhance the IPv6 protocol performance, because they cut down on the 
additional processing. 
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The following diagram shows the IPv6 header. 


Figure 1 Header Format 
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Extension Headers 


The optional Internet layer information is encoded in separate headers that can be placed between 
the IPv6 header and the upper-layer header in a packet. These extension headers are identified by 
a distinct next-header value. The IPv6 packet might or might not carry these extension headers. 
The following are the currently defined extension headers options: 


Option Functionality 
Authentication Integrity and Authentication 
Destination options 1 Options to be examined by intermediate nodes 
Destination options 2 Options to be examined by destination node only 
Fragmentation Fragmentation and reassembly 
Hop-by-Hop Special option for processing at every node 
Routing Extended Routing (Loose Source Route) 
Security encapsulation Confidentiality 

IPv6 Addressing 
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IPv6 addresses are 128 bits and identify interfaces or sets of interfaces. The following are the three 
types of IPv6 addresses: 


+ Unicast identifies a single interface. 


+ Anycast identifies a set of interfaces. A packet sent to this address will be forwarded to the 
nearest interface with the same address, according to the routing protocols’ measure of 
distance. 


+ Multicast identifies a group of interfaces. A packet sent to this address will be sent to all 
interfaces in the group. 


The IPv6 address space works out to be the following: 
2 8 = 340,282,366,920,938,463,463,374,607,431,768,211,456 
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IPv6 Security 


IPv6 offers the following integrated security services: 
+ The IPv6 Authentication Header provides authentication to IPv6 datagrams. 


+ The IPv6 Encapsulating Security Header provides integrity and confidentiality to IPv6 
datagrams. 


IPv6 Routing 


RIPv6 and OSPFv6 are protocols that enable routers to exchange information for computing routes 
through an IPv6 network. The RIPv6 and OSPFv6 protocols must be implemented only on routers 
because IPv6 hosts use the Neighbor Discovery Protocol to retrieve information about their 

neighboring nodes. The RIPv6 protocol works on UDP and the OSPFv6 protocol works on IPv6. 


Quality-of-Service Capabilities 


The IPv6 protocol provides some Quality-of-Service (QoS) mechanisms for those packets that 
require special handling. The Flow Label and Traffic Class fields in the IPv6 header are used to 
identify these packets, which include packets that require nondefault quality of service, real-time 
service, or relative priority. This is especially useful for real-time and multimedia applications. 


Two types of header fields enable QoS: 


+ Flow Label identifies a flow, which is a sequence of packets sent from a particular source to 
a particular destination or multiple destinations for which the source desires special handling. 


+ Traffic Class identifies and distinguishes between different classes or priorities of IPv6 
packets. 


Address Auto Configuration 


Address auto configuration enables a host to automatically learn its interface addresses. This 
enables the host to operate in a plug-and-play mode. 


Path Maximum Transfer Unit 


Every network interface has a maximum packet size that it can transfer across the network. This 

1s called the interface's Maximum Transfer Unit (MTU). The complete path that data packets travel 
to reach the destination might span across many routers with different MTUs. The smallest MTU 
among all the routers in a path is referred as the path MTU. 


If a packet starts out on a network segment with a large MTU, it might arrive at a router with a 
smaller MTU. The intermediate routers are not allowed to fragment the packet and, therefore the 
packet would not be able to traverse through this link. 


Before sending the data packets, we it is recommended that each host perform the path MTU 
discovery process and determine the optimum size for the full path from the source to the 
destination. To ascertain the path MTU, the host can send out a probe packet of the largest size 
possible. If it cannot traverse through some link in the path, the host will receive a Packet Too Big 
notification and will be further informed about the optimum size of data packets that can be sent 
through that link. 


The path MTU for each interface can be configured in the ip6.cfg file. The size specified in this 
file becomes the maximum size of the outgoing data packet from that network link. 
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Comparing IPv4 and IPv6 


The following features differentiate IPv6 from IPv4: 
+ The IPv6 header (40 bytes) is double the size of the IPv4 header (20 bytes). 
+ IPv6 (128 bits) has four times as many address bits as IPv4 (32 bits). 


+ [Pv6 has stackable extension headers that replace the IPv4 options. Several extension headers 
can be stacked on top of the previous extension headers. 


+ The IPv6 header is not protected by checksum. Instead, UDP checksumming is mandated in 
IPv6. 


+ Fragmentation-related fields now belong to the fragment extension header in IPv6. 
+ The length of the header, protocol type, and the Time to Live are redefined in the IPv6 header. 
+ Intermediate fragmentation is not allowed in IPv6. 
Two additional features are improvements over IPv4: 
+ Addressing Differences (page 12) 
+ Configuration (page 12) 


Addressing Differences 


Configuration 


IPv6 supports private and public addresses as part of the architecture and associates them with a 
lifetime. IPv4 added the concept of scope or private addresses at a later time. Mechanisms like 
Dynamic Host Control Protocol try to associate lifetime to addresses in IPv4. 


IPv6 addresses uses unicast, multicast, and anycast addresses. IPv4 does not have the anycast 
addressing as part of the base specification. 


IPv6 brings in plug-and-play support for hosts as part of the base specification. Routers can be 
configured to advertise subnet prefixes and MTU parameters. Most of the facilities provided by 
IGMP router discovery and ARP in IPv4 are provided as part ofthe Neighbor Discovery protocol 
in IPv6. 


Implementing Novell IPv6 


IPv6 on NetWare® enables the use of the IPv6 protocol natively over the NetWare server platform 
by NetWare applications like NDS?, Proxy, and Winsock. NetWare does this by using the IPv6 
features that best suit Novell software. Also, IPv6 is used as a part of the existing TCP/IP stack 
and functions as an add-on component for TCP/IP. 


The following RFCs are supported by the Novell IPv6 protocol: 


RFC 2460 - Internet Protocol version 6 (IPv6) Specification 

RFC 2461 - Neighbor Discovery for IPv6 

RFC 2462 - IPv6 Stateless Address Autoconfiguration 

RFC 2463 - Internet Control Message Protocol (ICMPv6) 

RFC 2464 - Transmission of IPv6 Packets over Ethernet Networks (Only EthernetII Format) 
RFC 2553 - Basic Socket Interface Extensions for IPv6 
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RFC 2373 - IPv6 Addressing Architecture 
RFC 2893 - Transition Mechanisms for IPv6 Hosts and Routers 


Understanding IPv6 13 


14 Novell Netware IPv6 Administration Guide for OES 


Dual Stack 


Transitioning from IPv4 to IPv6 


Moving exclusively to IPv6 is not a practical option for most organizations. Therefore, it is 
possible to make the move gradually and to use mixed environments while the transition is taking 
place. The question for most organizations is when, how, where, and how much to transition. 


The above mechanisms cannot be compared for efficiency and performance. However, one or 
more of these mechanisms will be used eventually for a complete transition. 


Some individual networks within an organization can be upgraded as a whole, creating small IPv6 
networks surrounded by IPv4 networks, but IPv4/IPv6 gateways are necessary at the borders of 
these networks to interoperate with IPv4 networks. Different IPv6 networks can also communicate 
with each other through the IPv4 Internet by setting up IPv6/IPv4 tunnels. 


Some organizations will migrate host by host, with dual-protocol IPv4/IPv6 nodes scattered 
throughout the existing IPv4 network. These nodes will be able to interoperate with each other in 
native IPv6, or with IPv6 nodes outside the network by tunneling IPv6 inside IPv4 packets. 


See the following sections for more information about how IPv6 interoperability with IPv4 is 
enabled: 


+ “Dual Stack” on page 15 
+ “Tunneling” on page 16 


+ “Testing Your Setup with 6Bone” on page 18 


The IPv6 dual stack mode assumes the following: 
+ Both IPv4 and IPv6 stacks are enabled 
+ Applications can talk to both IPv6 and IPv4 


+ Your choice of the IP version is based on name lookup and application preference 


The following diagram shows the dual stack approach. 
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Tunneling 


Figure 2 Dual Stack 


Dual stack hosts can handle both IPv4 and IPv6 clients by using IPv4-mapped IPv6 addresses. For 
example, the following process shows how an IPv4 TCP client communicates with an IPv6 server: 


l. 


The IPv6 server starts and creates an IPv6 listening socket. 


2. The IPv4 client calls gethostbyname and finds a record for the server. 
3. 
4 


. The server host receives the IPv4 SYN directed to the IPv6 listening socket. The server sets a 


The client calls connect and the client's host sends IPv4 SYN to the server. 


flag indicating that this connection is using IPv4-mapped IPv6 addresses and responds with 
an IPv4 SYN/ACK. 


5. All communication between the client and server takes place using IPv4 datagrams. 


. Unless the server explicitly checks whether this IPv6 address is an IPv4-mapped IPv6 address, 


the server never knows that it is communicating with an IPv4 client. 


Tunneling requires only edge ingress and egress router upgrades until native IPv6 networks are 
commercially deployed or offered end-to-end. Two tunneling mechanisms are explained here: 


+ Automatic and Configured Tunneling (page 16) 


+ Default Configured Tunnel (page 18) 


Automatic and Configured Tunneling 


IPv6/IPv4 hosts and routers can tunnel IPv6 datagrams over regions of IPv4 routing topology by 
encapsulating them within IPv4 packets. Tunneling can be used in the following ways: 


+ Router-to-Router — IPv6/IPv4 routers interconnected by an IPv4 infrastructure can tunnel 


IPv6 packets between themselves. 


+ Host-to-Router — IPv6/IPv4 hosts can tunnel IPv6 packets to an intermediary IPv6/IPv4 


router that is reachable through an IPv4 infrastructure. This type of tunnel spans the first 
segment of the packet's end-to-end path. 


+ Host-to-Host — IPv6/IPv4 hosts that are interconnected by an IPv4 infrastructure can tunnel 


IPv6 packets between themselves. In this case, the tunnel spans the entire end-to-end path that 
the packet takes. 
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+ Router-to-Host — IPv6/IPv4 routers can tunnel IPv6 packets to their final destination IPv6/ 
IPv4 host. This tunnel spans only the last segment of the end-to-end path. 


Automatic Tunneling 


In the Host-to-Host and Router-to-Host scenarios, IPv6 packets are tunneled all the way to the 
destination. The tunnel end point is the node that the IPv6 packet is addressed to. Because the end 
point of the tunnel is the destination for the IPv6 packet, the tunnel end point can be determined 
from the destination IPv6 address of the packet. If the address is an IPv4-compatible address (RFC 
2373), the lower-order 32 bits hold the IPv4 address of the destination node and can be used as the 
tunnel end point address. 


This avoids the need for explicit configuration of the tunnel end point address, which is the reason 
this method is known as automatic tunneling. It requires that the IPv6 address must be an 
IPv4-compatible IP address. 


IPv6/IPv4 nodes need to determine which IPv6 packets can be sent through automatic tunneling. 
One method is to use the IPv6 routing table to direct automatic tunneling. You can have a special 
static routing table entry for the prefix 0:0:0:0:0:0/96 (that is, a route to the all-zeros prefix with a 
96-bit mask). 


Packets that match this prefix are sent to a pseudo-interface driver which performs automatic 
tunneling. Because all IPv4-compatible IPv6 addresses will match this prefix, all packets to those 
destinations can be auto-tunneled. 


The following diagram shows automatic tunneling. 


Figure 3 Automatic Tunneling 
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Router-to-Router and Router-to-Host Automatic Tunneling 


Configured Tunneling 


In the Router-to-Router and Host-to-Router scenarios, the IPv6 packet is tunneled to a router. The 
tunnel end point is a router that must decapsulate the IPv6 packet and forward it to the destination. 
The end point of the tunnel is different from the destination, so the addresses of the IPv6 packet 
being tunneled do not provide the IPv4 address of the tunnel end point. The tunnel end point 
address must be determined from the configuration information on the node performing the 
tunneling, which is the reason this method is called configured tunneling. 


The tunnel end point address is determined from the configuration information in the 
encapsulating node. For each tunnel, the encapsulating node must store the tunnel end point 
address. When an IPv6 packet is transmitted over a tunnel, the tunnel end point address configured 
for that tunnel is used as the destination address for the encapsulating IPv4 header. 
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The routing information on the encapsulating node determines which packets to tunnel. This is 
done via a routing table that directs packets based on the destination address using the prefix mask 
and match technique. 


The following diagram shows a configured tunnel. 


Figure 4 Configured tunneling 
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Default Configured Tunnel 


Nodes that are connected to [Pv4 routing infrastructures can use a configured tunnel to reach an 
IPv6 backbone. If the IPv4 address of the IPv6/IP v4 border router is known, a tunnel can be 
configured to that router. 


This tunnel can be configured as the default route. All IPv6 destination addresses will match the 
route and could potentially traverse the tunnel. The tunnel end point address of such a default 
tunnel could be the IPv4 address of the IPv6/IPv4 border router. Novell uses a default configured 
tunnel to reach the IPv6/IPv4 border router. 
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6Bone is a logical test IPv6 network, overlaid on the IPv4 Internet. 


It is an independent outgrowth of the IPv6 project, resulting from an informal collaboration 
between the U.S., Japan, and Europe. You can join the network and use it to test your setup. 


The following diagram shows the 6Bone network. 


Figure 5 The 6Bone Network 
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Globally addressable IPv6 has a three-level hierarchy that includes the following: 
+ A public topology (the 48-bit external routing prefix) 
+ A site topology (typically a 16-bit subnet number) 


+ An Interface Identifier (usually an automatically generated 64-bit number unique on at least 
the local LAN segment) 


The public topology has two or more levels of hierarchy, specifying the Top Level Aggregator 
(typically a high-level ISP), Next Level Aggregators (zero or more mid-level ISPs), and a final 
Next Level Aggregator (which is the end user site). The end user sites get their address prefixes 
from an ISP that provides their IPv6 service. 


To join 6Bone, you get a 48-bit IPv6 external routing prefix from an existing pTLA (pseudo-Top 
Level Aggregator) 6Bone ISP. 


To do this, you use the registry database to identify a suitable pTLA, then contact one of the listed 
registry contacts through e-mail. 


You'll receive an end point address and an IPv6 format prefix, which you should enter in to the 
centralized registry database. You can then use the 6Bone network to test your setup for 
functionality and interoperability. 
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Setting Up Novell IPv6 


This chapter covers the basics of how to install required files and set up the Novell® IPv6 protocol. 
After IPv6 is set up, the transmission of packets through IPv4 and IPv6 depends on the address 
type specified in the packets. The following setup and configuration requirements are discussed 
here: 


+ Required NLM Files (page 21) 

+ IPv6 Files on a NetWare Server (page 21) 

+ Installing Novell IPv6 (page 23) 

+ Utilities That Can Use Novell IPv6 (page 23) 
+ Novell IPv6 Configuration (page 25) 

+ Novell IPv6 Commands (page 31) 

+ Uninstalling Novell IPv6 (page 35) 


Required NLM Files 


The following core NetWare® Loadable Module" (NLM™) files used by the Novell IPv6 stack 
should be copied to the sys:\system directory: 


+ bsdsock.nlm — NLM for socket libraries 

+ ipv6.nlm — IPv6 core NLM 

+ netlib.nlm — NLM housing utility function for scheduler address libraries, etc. 
+ resolv.nlm — NLM used for DNS libraries 

+ static6.nlm — Static routing NLM 

+ tcp.nlm — TCP modified to support IPv6 end points 

+ tcpip.nim — IPv4 NLM for setting up tunnels 

+ rip6.nlm — NLM for dynamic routing 


IPv6 Files on a NetWare Server 


After the NetWare server is installed, the IPv6-related NLM files are available for IPv6 setup and 
configuration. Other required NLM files—such as tcp.nlm, tepip.nlm, bsdsock.nlm and 
netlib.nlm—will already be loaded when the server comes up. The following sections list the 
directory structures for the IPv6-related files on the NetWare server: 


+ “Sys:\research\ipv6” on page 22 
+ “Sys:\research\ipv6\apache” on page 22 
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+ “Sys:\research\ipv6\ftp” on page 22 

+ “Sys:\research\ipv6\nls\4” on page 22 
+ “Sys:\research\ipv6\nls\9” on page 22 
+ “Sys:\research\ipv6\nls\12” on page 23 
+ “Sys:\research\ipv6\ping6” on page 23 


Sys:\research\ipv6 


The following files are available at this location: 
+ gw6 
+ ip6.cfg 
+ ip6.ncf 
+ ipv6.nim 
+ resolv.nlm 
+ rtadvd.cfg 
+ static6.nlm 


+ uip6.ncf 


Sys:\research\ipv6\apache 


All the Apache-related NLM files are available at this location. 


Sys:\research\ipv6\ftp 


The following files are available at this location: 
+ nwftpd6.msg 
+ nwftpd6.nlm 


Sys:\research\ipv6\nis\4 


The following files are message files for English: 
+ ipv6.msg 


+ static6.msg 


Sys:\research\ipv6\nis\9 


The following files are message files for Japanese: 
+ ipv6.msg 


+ staticó.msg 
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Sys:\research\ipv6\nis\12 


The following files are message files for Portuguese: 
+ ipv6.msg 


+ staticó.msg 


Sys:\research\ipv6\ping6 
The following file is available at this location: 


+ ping6.nlm 


Installing Novell IPv6 


You can install Novell IPv6 using one of the following methods: 
+ “Manual Installation” on page 23 
+ “Auto Installation Using Scripts” on page 23 
Manual Installation 
1 Copy the ipv6.nlm, static6.nlm, and resolv.nim files from sys:\research\ipv6 to sys:\system. 
2 Copy the ip6.cfg, rtadvd.cfg, and gw6 files from sys:\research\ipv6 to sys:\etc. 


These are sample files. Appropriately modify information like board name, addresses 
required, etc. 


3 Copy the ip6.msg and static6.msg files from sys:\research\ipv6\nls\number to 
sys:\system\nls\number. 


Replace number with 4, 9, or 12. These are the message files for English, Japanese, and 
Portuguese, respectively. 


4 Copy the ip6.ncf and uip6.ncf files from sys:\research\ipv6 to sys:\system. 
5 Run ip6.ncf at the command prompt. 
The IPv6 stack is now installed and ready to use. 
Auto Installation Using Scripts 
1 Enter perl sys:\research\ipv6\install.p1 at the server console. 
The IPv6-related files are copied into the system directory. 
2 Enter ip6.ncf at the server console. 


All the IPv6-related nlm programs are loaded. 


Utilities That Can Use Novell IPv6 


This section discusses the utilities that can use IPv6 and the manner in which they can be used: 
+ Apache2 (page 24) 
+ FTP6 (page 24) 
+ IPTrace6 (page 25) 
+ PING6 (page 25) 
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Apache2 


Server Side 


Client Side (Browser) 


FTP6 


Copy the WinSock nlm files from the sys:\research\ipv6\winsock directory to the c:\nwserver 
directory. 


Copy the folders and nlm files from the sys:\research\ipv6\apache2 directory to the 
sys:\apache2 directory. 


Load ipv6.nlm. 
Load resolv.nim. 


Load sys:\apache2\apache2.nlm. 


This starts the Apache Server. 


This information is specific to the Internet Explorer (IE) on the Windows XP platform. It can also 
apply to Support Patch for IPv6 for Windows 2000 nodes. 


The default browser (IE) that comes with Windows XP does not support literal IPv6 strings as 
addresses. Therefore, you cannot use the address directly in the browser as http://[3ffe::1]. You 
have to use DNS names for the address. 


4 Disable the proxy in your Browser. 


In IE, click Tools > Internet Options > Connections > LAN Settings, then uncheck the Use a 
proxy server for your LAN check box. 


This must be done in case the DNS query is directed to the proxy, which might not have IPv6 
support. 


2 Verify the DNS entry. 


+ Ifyou have a DNS server supporting IPv6 Name-to-Address resolution, you can depend 
on that for resolution of the query. 


+ Otherwise, you can configure the DNS name in the 
c:\windows\system32\drivers\etc\hosts file, similar to the format used for IPv4. For 
example: 


3ffe::1 ipv6 host 


Http://ipv6_host then connects to the Apache Server. 


Copy the nwftpd6.nlm file from the sys:\research\ipv6\ftp directory to the sys:\system 
directory. 


Copy the nwftpd6.msg file from the sys:\research\ipv6\ftp directory to the sys:\system\nls\4 
directory. 


In order to use IPv6-enabled FTP Server (nwftpd6.nlm), make sure to unload the IPv4 version 
in the system (unload nwftpd.nlm). 


Run nwftpd6.nlm. 
It will autoload ftpif.nlm. 
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5 Enter nwftpd6 -a atthe server console to create an anonymous user for FTP access. 


Nwftpd6.nlm binds to all the interfaces in the system. 


IPTrace6 


IPTrace6 is a debugging tool used to trace the path taken by the packet from the source host to 
reach the destination host. It lists out the IPv6 addresses of the intermediate routers that have been 
traversed to reach the destination. It uses the ICMPv6 error messages to achieve the same. 


You can locate IPTrace6 in sys:\research\ipv6\tools\iptrace6.nlm. 
Enter the following command to use the IPTrace6 feature: 


IPTrace6 destination [Hops=max_hops] [StartHop=starting ttl] [Wait = 
max wait time] [Port=destination port] [Pkt = 
number of packets for each hop] 

Parameters for IPTrace6 


+ Hops specifies the maximum number of hops that will be made before IPTrace6 stops 
searching. Default = 30. 


+ StartHop specifies the initial value of the time-to-live (ttl) in the outgoing packet. For 
example, if there are three hops to the destination and the StartHop is specified as 2, the 
IPTrace6 display skips the router at the first hop and starts from the second one. Default = 1. 


+ Wait specifies the time (in seconds) to wait for the response (ICMPv6 Time Exceeded) to a 
probe. If no reply is received within this time, an asterisk (*) is displayed. Default = 5. 


+ Port specifies the UDP port number that the IPTrace6 packets are sent to. It should be greater 
than 6000. Default = 40001. 


+ Pkt specifies the number of packets sent with the same ttl value. Default = 3. 
Some examples of using IPTrace6: 
IPTrace6 www.novell.com 


IPTrace6 www.novell.com Starthop=3 Pkt=4 


PING6 


4 Copy the ping6.nlm file from the sys:\research\ipv6\ping6 directory to the sys:\system 
directory. 


2 Run ping6.nlm to test the communication between any two nodes. 


TIP: Just typing ping6 without any options will open the Help screen. 


Novell IPv6 Configuration 


You can configure the IPv6 stack by modifying the default ip6.cfg file found under sys:\etc. You 
can also use the rtadvd.cfg file in conjunction with the ip6.cfg file to make the node function as an 
advertising interface. This section describes the formats for the following configuration files: 


+ Ip6.cfg File (page 26) 
+ Rtadvd.cfg File (page 28) 
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Ip6.cfg File 


The configuration of the IPv6 stack is possible through the ip6.cfg file placed under sys:\etc. To 
configure the IPv6 stack, modify the default file provided with the stack. 


Configuration File Format 


[Interface All] 

Router Yes | No 

Autotunnel Yes | No 

6to4 Yes | No 

[Interface Interface name] 

Addr v6 address 128 bit 

Prefixlen Prefix length of Addr 

mtu MTU for this interface 

rsdelay Router solicitation delay in seconds 


rsinterval Delay between the router solicitation in seconds 
rstransmits Number of router solicitations transmitted 
autoconf Yes | No 

acceptra Yes | No 

acceptredirect Yes | No 

hoplimit Hop limit to be specified in the outgoing packet 
delayFirstProbeTime Neighbor discovery parameter 
baseReachableTime Neighbor discovery parameter 


retransTime Delay between successive neighbor solicitations 
sendRedirect Yes | No 
DadTransmits [1 - 3] 


Example Configuration File 


[Interface All] 


Router Yes 

Autotunnel No 

6to4 No 

[Interface CE100B 1 EIT] 
Addr 3ffe:501:ffff:100::1 
Prefixlen 64 

mtu 1280 
rsdelay 1 
rsinterval 4 
rstransmits 3 

autoconf Yes 

acceptra Yes 
acceptredirect Yes 
hoplimit 255 
delayFirstProbeTime 5 
baseReachableTim 30 
retransTime 1 
sendRedirect Yes 
DadTransmits 3 


Field Level Descriptions with Default Values 


Table 1 For the Common Interface Record 
Field Name Description Default Value 
Router Router/Host functionality No (Host) 
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Table 2 


Rtadvd.cfg File 


Field Name Description Default Value 
Autotunnel Autotunnel enable/disable No (disable) 
6to4 6to4 tunnel enable/disable No (disable) 


For the Interface-Specific Record 


Field Name Description Default Value 
Addr Corresponding IPV6 address None 
Prefix Len Prefix length of the address None 
mtu MTU of the interface MaxReceiveSize of the 
corresponding driver 
Rsdelay Router solicitation delay (in seconds) 1 
Rsinterval Router solicitation interval (in seconds) 4 
Rstransmits Number of times router solicitation is 3 
transmitted 
Autoconf Indicates if autoconfiguration should be Yes 
performed on the interface (yes/no) 
Acceptra Indicates if router advertisements should Yes 
be accepted on this interface (yes/no) 
Acceptredirect Indicates if redirects should be accepted Yes 
on this interface (yes/no) 
Hoplimit Hop limit filled in the outgoing packets 255 
DelayFirstProbeTime Time (in seconds) to waitin Delay state 5 
BaseReachableTime Neighbor discovery parameter (in 30 
seconds) 
RetransTime Time (in seconds) between successive 1 
neighbor solicitations 
SendRedirect Indicates if redirects should be senton Yes 
this interface (yes/no) 
DadTransmits Number of consecutive neighbor 3 


solicitation messages sent while 
performing Duplicate Address Detection 
on a tentative address 


You can use the rtadvd.cfg file in conjunction with the ip6.cfg file to make the node function as an 
advertising interface. For the values in the rtadvd.cfg file to take effect, you need to set the Router 
field to Yes in the ip6.cfg file. Refer to “Configuration File Format” on page 26. 
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Configuration File Format 


Router Advertisement 
You need to set the following file formats to configure Router Advertisement (interface specific): 


[Interface Interface name] 


RASendAdvertisements Yes | No 


RAMaxInterval [4 - 1800] 

RAMinInterval [3 - 0.75 * RAMaxInterval] seconds 
RAManagedFlag Yes | No 

RAOtherConfigFlag Yes | No 

RALinkMTU [0 - LinkMTU] 

RAReachableTime [0 - 3,600,000] 

RARetransTimer Retransmit time in milliseconds 


RACurHopLimit Hop limit 


RADefaultLifeTime [0 | MaxRtrAdvInterval - 9000] 


NOTE: This record can occur only once for an interface. 


Prefix List 


You need to set the following file formats to configure the Prefix list to be advertised for each 
interface: 


[RAPrefixListIf Interface name] 
Prefix Prefix to be advertised 
PrefixLen [64 - 128] 


RAValidLifeTime Valid life time of the Prefix in seconds 


RAPreferredLifeTim Preferred life time of the Prefix in seconds 


RAAutonomousFlag Yes | No 
RAOnLinkFlag Yes | No 


RAReal Fixed TimeFlag Real | Fixed 


NOTE: This record can occur multiple times for an interface depending on the number of prefixes that are to 
be advertised. 


Example Configuration File 


[Interface DLKRTS EII ] 


RASendAdvertisements Yes 
RAMaxInterval 20 
RAMinInterval 3 
RAManagedFlag Yes 
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Field Level Description with Default Values 


Table 3 


RAOtherConfigFlag Yes 
RALinkMTU 0 
RAReachableTime 200 
RARetransTimer 3 
RACurHopLimit 255 
RADefaultLifeTime 1800 
[RAPrefixListIf DLKRTS EIT] 

Prefix 3ffe:dad::0 
PrefixLen 64 
RAValidLifeTime 300 
RAPreferredLifeTim 250 
RAAutonomousFlag Yes 
RAOnLinkFlag No 

RAReal Fixed TimeFlag Real 
[RAPrefixListIf DLKRTS EIT] 
Prefix 3ffe: FEED: :0 
PrefixLen 64 
RAValidLifeTime 50 
RAPreferredLifeTim 30 
RAAutonomousF lag Yes 
RAOnLinkFlag No 

RAReal Fixed TimeFlag Fixed 
For the Router Advertisement Record 

Field name Description Default Value 
RASendAdvertisements Router Advertisement enable/disable. No (disabled) 


RAMaxinterval 


The maximum time (in seconds) allowed 600 
between unsolicited multicast Router 


Advertisements transmitted from the interface. 
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Field name 


Description 


Default Value 


RAMininterval 


The minimum time (in seconds) allowed 
between unsolicited multicast Router 


Advertisements transmitted from the interface. 


198 


RAManagedFlag 


The value to be placed in the Managedaddress 
Configuration flag field in the Router 
Advertisement. Specifies whether hosts 
should use stateful autoconfiguration to obtain 
addresses. 


No 


RAOtherConfigFlag 


The value to be placed in the Other Stateful 
Configuration flag field in the Router 
Advertisement. Indicates whether hosts 
should use statefulautoconfiguration to obtain 
additional information (excluding addresses). 


No 


RALinkMTU 


The value to be placed in MTU options sent by 
the router. A value of 0 (zero) indicates that no 
MTU options are sent. 


RAReachableTime 


The value to be placed in the Reachable Time 
field in the Router Advertisement messages 
sent by the router. A value of zero means 
unspecified (by this router). This denotes the 
time (in milliseconds) that a node assumes a 
neighbor is reachable after having received a 
reachability confirmation. 


RARetrans Timer 


The value to be placed in the Retrans Timer 
field in the Router Advertisement messages 
sent by the router. A value of 0 (zero) means 
unspecified (by this router). This denotes the 
time (in milliseconds) between retransmitted 
neighbor solicitation messages. 


RACurHopLimit 


The value to be placed in the Cur Hop Limit 
field in the Router Advertisement messages 
sent by the router. The value should be set to 
the current diameter of the Internet. A value of 
0 (zero) means unspecified (by this router). 


255 


RADefaultLifeTime 


The time value (in seconds) to be placed in the 
Router Lifetime field of Router Advertisements 
sent from the interface. A Lifetime of 0 (zero) 
indicates that the router is not a default router. 
The Router lifetime applies only to the router's 
usefulness as a default router. 


1800 


Table 4 For the Prefix Description Record 
Field name Description Default Value 
Prefix The prefix to be placed in Prefix Information None 
options in Router Advertisement messages 
sent from the interface. 
PrefixLen Prefix length. 64 
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Field name Description Default Value 
RAValidLife Time The length of time in seconds that the prefixis 2592000 
valid for the purpose of onlink determination. 
RAPreferredLife Time The length of time (in seconds) that addresses 604800 
generated from the prefix via stateless 
address autoconfiguration remain preferred. 
RAAutonomousFlag Indicates whether this prefix can be used for Yes 
autonomous address configuration 
RAOnLinkFlag Indicates whether this prefix can be used for Yes 
onlink determination 
RAReal_Fixed_TimeFlag Indicates whether the lifetimes specified Fixed 


Novell IPv6 Commands 


decrements in real time or remains as a fixed 
time that stays the same in consecutive 
advertisements 


This section explains the commands that can be used to set up the Novell IPv6 stack. 


+ Interface Related Commands (page 31) 


+ Routing Commands 


(page 32) 


+ Tunnel Commands (page 33) 


+ General Commands 


Interface Related Commands 


Bind Protocol 


(page 34) 


This section covers the following: 


+ Bind Protocol (page 


31) 


+ IP6 Configuration Display (page 32) 


+ Unbind Protocol (page 32) 


Syntax 
Description: 


Example: 


bind protocol_name board_name addr address len prefixlen 


Binds a communication protocol to a network board. 


bind ip6 ce 100b 
bind ip6 ce 100b addr 3ffe::1 len 64 
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IP6 Configuration Display 


Syntax ip6config 

Description: Displays the board configuration, which includes all types of IPv6 addresses 
configured to various boards and the corresponding preferred and valid 
lifetimes. 

Example: ip6config 

Unbind Protocol 

Syntax: unbind rt6add protocol_name board _ name 

Description: Unbinds a communication protocol from a board 

Example: unbind ip6 ce 100b 


Routing Commands 


This section covers the following: 
+ Forwarding Capability Status Display (page 32) 
+ Route Addition (page 32) 
+ Route Deletion (page 33) 
+ Routing Table Display (page 33) 


Forwarding Capability Status Display 


Syntax ip6router 
Description: Displays the current status. 
Example: Displays the current status as "IP6Forwarding is ON"/"IP6Forwarding is 
OFF" 
Route Addition 
Syntax Rt6add /P6_Destination_Prefix Gateway Address interface Name 


Prefix_Length 


Description: Adds an IPv6 Route to the IPv6 Routing Table. The Interface Name will 
use the default. Does not need to be specified for a global address. 


Example: Rt6add 3ffe:88::1234 fe80::8%CE100_1_ Ell 64 
Rt6add 3ffd:: 3ffe:88::1234 64 


To add a default route, give the unspecified address (::) as the 
IPv6Destination Prefix and the prefix length as O (zero). For example: 


rt6add:: fe80::9%CE100B_1_EII O 
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Route Deletion 


Syntax 


Description: 


Example: 


Routing Table Display 


Syntax 
Description: 


Example: 


Tunnel Commands 


Rt6add /P6 Destination_Prefix Y%Interface_Name Prefix_ Length 


Deletes an IPv6 Route from the IPv6 Routing Table. The interface name 
will use the default. Does not need to be specified for a global address. 


Rt6del fe80::8%CE100B_1 Ell 64 
Rt6add 3ffe:88::1234 64 
To delete a default router: 


rt6del :: 0 


Rt6Table 
Displays the Routing Table. 


rt6table 


This section covers the following: 


+ Configured Tunnel Creation (page 33) 


+ Configured Tunnel Deletion (page 33) 


+ Configured Tunnel Information Display (page 34) 


+ Current Automatic Tunneling Status Display (page 34) 


Configured Tunnel Creation 


Syntax 


Description: 


Example: 


Configured Tunnel Deletion 


Syntax 


Description: 


Example: 


tun6bind tunnelname local_IPv6 address remote _IPVv6 address 
local IPv4 address remote IPv4_ address 


Creates one end of a tunnel. 


tun6bind test-tunnel 3ffe::1 3ffe::2 172.16.1.1 172.16.1.10 


tun6unbind tunnelname 
Deletes a tunnel. 


tun6unbind test-tunnel 
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Configured Tunnel Information Display 


Syntax Tun6List -t {unnel_ name 


Tun6List -n number _of tunnels to display at a time 


Description: Displays the bound tunnels and the tunnel information. 


Example: Tun6List (Displays all the bound tunnels one by one) 
Tun6List -t test-tunnel (Displays details of test-tunnel alone) 


Tun6List -n 5 (Displays tunnel info five at a time) 


Current Automatic Tunneling Status Display 


Syntax ip6autotunnel 


Description: Displays the status of Automatic Tunneling capability as "Auto 
Tunneling is ON" or "Auto Tunneling is OFF". Set this feature to On (in 
the ip6.cfg file) to automatically create corresponding compatible 
addresses for all the bound IPv4 addresses, thereby enabling the use 
of automatic tunneling with these addresses. 


Set this feature to Off (in the ip6.cfg file) to automatically unbind all the 
compatible addresses created. 


Default = On. 


Example: ip6autotunnel 


General Commands 
+ Default Router List Display (page 34) 
+ Destination Cache Display (page 35) 
+ Destination Cache Flush (page 35) 
+ Neighbor Cache Display (page 35) 
+ Neighbor Cache Entry Deletion (page 35) 
+ Neighbor Cache Flush (page 35) 
¢ Prefix List Display (page 35) 


Default Router List Display 


Syntax dfr6list 


Description: Displays the information about the default routers learned dynamically. 
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Destination Cache Display 


Syntax 


Description: 


Destination Cache Flush 


Syntax 


Description: 


Neighbor Cache Display 


Syntax 


Description: 


Neighbor Cache Entry Deletion 


Syntax 


Description: 


Neighbor Cache Flush 


Syntax 


Description: 


Prefix List Display 


Syntax 


Description: 


Uninstalling Novell IPv6 


dc6list 


Lists of destination cache Entries. 


dc6flush 


Flushes the destination cache of the system. 


nc6list 


Displays the neighbor cache entries. 


nc6del /P6Address Board_Name 


Deletes the neighbor cache entry for the specified neighbor of the specified 
interface. 


nc6flush 


Flushes the neighbor cache entries of the system. 


pf6list 


Displays the prefix information learned from routers. 


1 Enter uip6.ncf at the server console. 


The IPv6-related nlm programs are unloaded. 


2 Enter perl sys: \research\ipv6\uinstall.p1 at the server console. 


All the IPv6 related files are removed from the system directory. 
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Configuring a Secure Channel using IPv6 


IPsec component provides the capability of establishing an end-to-end channel between two hosts. 
IPv6 supports only transport mode IPsec connections. Secure connections have the following 


properties: 


+ Authentication : IPv6 extension header type 51 (AH - Authentication Header) provides 
authenticity and integrity to IP datagrams exchanged among communication end points. 


+ Encryption: IPv6 extension header type 52 (ESP - Encapsulating Security Payload) provides 
confidentiality and integrity to IP datagrams exchanged among communication end points. 


In short, while AH adds authentication, ESP adds encryption to ensure that the communication is 
with the right peer and that it is secure. In a Novell® IPv6 stack, you can configure AH alone or 
AH and ESP together. ESP provides both Authentication and Encryption features. 


The following configurations are possible while providing secure end-to-end connections: 


+ Authentication 


+ Encryption and authentication through ESP 


+ Authentication through ESP 


Table 5 Configurable Parameters for AH and ESP 


Configuration Settings 


AH 


ESP 


INJOUT 


Source and destination address 


Property 


+ hmac96-sha 


+ hmac96-md5 


+ V2-3des-cbc 
+ V2-des-cbc 


Packet 


Identifier 


Description and Usage 


Specifies the type of service required in 
authentication. 


Authenticating algorithms. 


Either can be used. 


Specifies the type of service required for 
encryption. 


Encryption algorithms. 


Either can be used. 


Specifies the service required for inbound 
or outbound connections. 


Incoming or Outgoing. 


Specifies the source and destination 
address of the end-to-end hosts where 
authentication or encryption is required. 
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Configuration Settings Property Description and Usage 


Security Parameter Index(SPl) Index Specifies the index of the security 
association specified at the other end of a 
secure connection. 


hmac96-md5 64byte key Shared Secret 64 byte value for 
authentication at both the ends which can 
be either hmac96-md5 or hmac96-sha. 


Random number. 


hmac96-sha 64byte key Shared Secret 64 byte value for 
authentication at both the ends which can 
be either hmac96-md5 or hmac96-sha. 


Random number. 

DES-CBC key 16 byte key The 16 byte key for encryption. 
Random number. 

3DES-CBC key 48 byte key The 48 byte key for encryption. 


Random number. 


Table 6 Parameter settings for IPsec 
Configuration Setting Property Description and Usage 
Set enable IPsec6 for IPv6 =on Switch to enable IPsec6. 
Set enable IPsec6 logging =on Switch to enable logging. 


Configuring an End-to-End secure connection with AH 


1 Configure the secure connection by modifying the ipseckey.cfg file. For the configuration to 
take effect this file should be manually copied to sys:\system folder. 


The configuration settings of the file must be in following manner: 
AH in SPI Source address Destination address Authentication type key 
A typical end-to-end inbound AH configuration might look as follows: 


AH in 0x10001 3ffe::1 3ffe::2 hmac96-sha 
414141414141414141414141414141414141414141414141 


AH out 0x20002 3ffa::2 3ffa::1 hmac96sha 
414141414141414141414141414141414141414141414141 


This specifies that all incoming traffic coming on 3ffe::1 from destination 3ffe::2 needs to be 
authenticated using hmac96-sha with secret 4141---41(64byte). The SPI id is 0x10001. 


The outgoing traffic on 3ffa::1 to destination 3ffa::2 needs to contain AH using hmac96-sha 
using secret 4141---41(64byte). The SPI id is 0x20001. 


The SPI value of the outgoing connection must be the SPI value of the incoming connection 
and vice versa. 
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2 Configure ipseckey.cfg at the other end as follows: 


AH in 0x20002 3ffa::2 3ffa::1 hmac96-sha 
414141414141414141414141414141414141414141414141 


AH out 0x10001 3ffa::1 3ffa::2 hmac96sha 
414141414141414141414141414141414141414141414141 


NOTE: The SPI value of the outgoing connection must be the SPI value of the incoming connection and 
vice versa. 


3 Load IPv6 at both the ends. 
4 To enable IPsec, set Enable IPsec6 for IPv6 to On. 
5 To track statistics and get help with troubleshooting, set Enable IPsec6 logging to On. 
Any packets going from 3ffa::1 to 3ffa::2 will be authenticated using hmac96-sha with secret 
configured in the file. 
Configuring an end to end Secure Connection using ESP 


1 Configure the secure connection by modifying the ipseckey.cfg file. For the configuration to 
take effect this file should be manually copied to sys:\system folder. 


The configuration settings of the file must be in following manner: 

AH in SPI Source address Destination address Authentication type key 

A typical end-to-end inbound AH configuration might look as follows: 

ESP in 0x10001 3ffe::1 3ffe::2 v2-3des-cbc 41414141414141414111111 
hmac96-md5 414141414141 

ESP out 0x20001 3ffa::2 3ffa::1 v2-3des-cbc 
41414141414141414141441 


hmac96-md5 414141414141 


This indicates incoming traffic on 3ffe:: 1 from destination 3ffe::2 needs to be authenticated 
using hmac96-md5 using secret 4141---41(64byte) and decrypted using 3DES using 
4141414(48byte). The SPI id is 0x10001. 


The outgoing traffic on 3ffa::1 to destination 3ffa::2 must contain AH using hmac96-md5 
using secret 4141---41(64byte) and encrypted using 3DES. The SPI id is 0x20001. 


NOTE: The SPI value of the outgoing connection must be the SPI value of the incoming connection and 
vice versa. 


2 Configure ipseckey.cfg at the other end as follows: 

ESP in 0x20001 3ffa::2 3ffa::1 v2-3des-cbc 41414141414141414111111 
hmac96-md5 414141414141 

ESP out 0x10001 3ffa::1 3ffa::2 v2-3des-cbc 


41414141414141414141441 


hmac96-md5 414141414141 


NOTE: The SPI value of the outgoing connection must be the SPI value of the incoming connection and 
vice versa. 


3 Load IPv6 at both the ends. 
4 To enable IPsec, set Enable IPsec6 for IPv6 to On. 
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5 To track statistics and get help with troubleshooting, set Enable IPsec6 logging to On 
IPsec logging can be enabled for the following purposes: 
+ Connections made and broken. 
+ Reasons for authentication and encryption failures and the possible reasons are: 


Replay attacks 
Invalid SA due to invalid SPI configurations 


Any packets going from 3ffa:2 will be authenticated/encrypted using hmac96-md5 and 
3DES-CBC with secret/key configured in the file. 


Multiprocessing and IPv6 


The IPv6 stack for NetWare®6.5 SP3 is multiprocessor enabled. 
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Table 7 
Configuration Settings 
[ RIP interface name] 


Status 


Cost 


poisonreverse 


splithorizon 


Configuring RIPng for IPv6 


RIPng is a dynamic routing protocol for IPv6. The routing procedure is same as for IPv4 except 
for 128-bit addressing. Unlike IPv6, RIP for IPv6 is a separate NLM™ and can be loaded if 


required. 


The configuration entries for rip6.nlm must be entered in /etc/ip6.cfg in a separate block. 


Configurable Parameters for RIPng 


Property 
RIP configured on a interface 


RIP enabled on the interface 


Cost of the interface to reach other end 


As per RFC2080 


As per RFC2080 


Description and Usage 

[RIP CE1000B]- Required parameter 
Yes = Enable 

No = Disable. 

Required parameter. 


Range 1 to 16. Dependent on the 
administrator's configuration. 


Optional parameter. 
Yes = Enable. 
No = Disable. 
Yes = Enable. 


No = Disable. 


A typical configuration for RIPng enabled on CE1000B interface with split horizon enabled and 
poison reverse disabled might look like the following: 


[RIP CE1000B] 


statusYES 
cost 2 


poisonreverse no 


splithorizon 


yes 
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Using Novell IPv6 in Your Network 


The following sections provide details on how to use the Novell® IPv6 stack to set up tunneling 
within the corporate network between the IPv6 groups, as well as how to connect to 6Bone in order 
to experience the virtual global IPv6 network. 


+ “Setting Up Tunneling” on page 43 
+ “Using Novell IPv6 to Connect to 6Bone” on page 44 


Setting Up Tunneling 


You can use automatic or configured tunneling to set up your own IPv6 tunnel. 


NOTE: In the following procedure, Host 1 and Host 2 belong to two different IPv6 networks. Router 1 and 
Router 2 are the two edge routers, which are dual stacks to interconnect the IPV6 and IPv4 networks. It is 
assumed that both Router 1 and Router 2 are NetWare® nodes. 


Using Configured Tunneling 
1 Make sure the IPv6 stack is loaded on both sides. 


2 Configure one side of the tunnel to set up Router 1 by entering the following at the server 
console: 


Tun6bind test-tunnel 3ffe::1 3ffe::2 172.16.1.1. 172.16.1.2 


3 Configure the other side of the tunnel to set up Router 2 by entering the following at the server 
console: 


Tun6bind test-tunnel 3ffe::2 3ffe::1 172.16.1.2 172.16.1.1 
The tunnel names do not have to be same on both sides. 

4 Test the connectivity by pinging across the tunnel. 
For example, on Router 1 enter 


Ping6 3ffe::2 
Using Automatic Tunneling 


Unlike configured tunneling, you do not need to explicitly set up an automatic tunnel. 
NOTE: The following procedure sets up automatic tunneling between Host 1 and Host 2: 
1 Make sure the IPv6 stack is loaded on both nodes. 
2 Make sure the IPv6 Auto Tunnel feature is set to on for both nodes. 
3 Test the connectivity by pinging across the tunnel. 
For example, enter 


to::172.16.1.2 from Host 1 and ::172.16.1.1 from H2. 
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Configuring 6to4 Tunnels 


You can use the 6to4 tunneling technique to enable the host to encapsulate the IPv6 traffic in the 
IPv4 header and send over the IPv4 Internetwork (Internet). This is one of the mechanisms used 
to ease the transition of networks from IPv4 to IPv6. 


The 6to4 feature is set to No by default. To enable it, set the 6to4 parameter to Yes in the ip6.cfg 
file under sys:\etc. 


[Interface All] 
6to4 Yes 


This enables the machine as a 6to4 host. A 6to4 pseudo-interface is created with an IPv6 address 
of 2002:AABB:CCDD::AABB:CCDD, where AABB:CCDD is the colon-hexadecimal 
representation of the IPv4 address a.b.c.d assigned to the node. You can now send and receive 6to4 
traffic over this machine. However, you need to ensure that the machine has a public IPv4 Internet 
address. Private addresses like 192.168.x.x or 10.x.x.x, 172.16/12, auto-conf addresses 
169.254.x.x, and loopback addresses 127.x.x.x are ignored. 


Configuring a 6to4 Router 


You can configure a 6to4 node as a 6to4 router. The 6to4 router encapsulates the IPv6 packets 
received from the private interface into IPv4 packets before forwarding them on the public 
interface. For example, if you have only IPv6 nodes in your network or nodes that have IPv4 
private addresses (refer to the previous paragraph), this will prevent the host from using the 6to4 
feature directly. Therefore, the host can acquire the 6to4 prefix from the 6to4 router (which has a 
public IPv4 address and is connected to the IPv4 Internet) and configure IPv6 addresses. The host 
can then forward its IPv6 traffic to the 6to4 router that takes care of the tunneling. 


To configure a 6to4 router: 
1 Enable forwarding on the node. 


Refer to the Router variable in the Interface All record under “Configuration File Format” on 
page 26. 


2 Configure the rtadvd.cfg file to advertise the 6to4 prefix (2002:AABB:CCDD::/48) to the 
IPv6 nodes on the private interface. 


Refer to “Rtadvd.cfg File” on page 27. 


3 Configure the rtadvd.cfg file to advertise itself as the default router by setting the 
RADefaultLifeTime to a nonzero value. 


Refer to “Configuration File Format” on page 28. 
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Getting an IPv6 Address Space 


The Telecom lab sets up new connections within the backbone to provide access to new leaf sites. 
The lab provides an IPv6 prefix that is a pTLA (pseudo-Top Level Aggregator) and a 6Bone 
connection. If you want to connect to 6Bone, you must fill in a registration form and agree on the 
IPv4/IPv6 addresses to be used on the two sides. When this is done, you can connect to 6Bone. 
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Connecting to 6Bone 


In contrast to the classic IPv6-over-IPv4 tunnel setup, you do not register at a 6Bone gateway or 
get forwarded to any IPv6 traffic (encapsulated in IPv4). Because your IPv6 address is provided 
from a source that already has a 6Bone connection, the tunnel establishment and maintenance are 
done by a Tunnel Broker where you got the IPv6 address. 


Tunnel Broker is a mechanism to automatically manage tunnel requests coming from remote users. 
Standalone remote IPv6 users can register on a dedicated Web site, then obtain a script that will 
build an automatic tunnel to the IPv6 network. 


To send IPv6 packets, the host takes the IPv6 packet and encapsulates it into an IPv4 packet. You 
still need a 6Bone-connected gateway that will decapsulate your packets and forward them to 
6Bone. 


The following figure illustrates this. 


Figure 6 Connecting through Novell IPv6 


Example 


Your private network is uplinked through an IPv4-connected PPP link to a 6over4 gateway 
machine that is connected to 6Bone. 


To connect to 6Bone the following sequence of events must occur: 
1. Assume that 202.169.139.51 is your IPv4 address. 


2. After becoming a registered user in one of the organizations which provide this service, you 
provide the IPv4 address at your end. 


3. Within a few minutes you receive an e-mail containing all the details needed to connect to 
6Bone: 


Tunnel Information 


Server IPv4 address 163.162.170.170 

Server IPv6 address 3ffe:1001:0001:b000::2489 
Server IPv6 link local address Fe80::a3a2:aaaa 

Client IPv4 address 202.169.139.51 

Client IPv6 address 3ff2:1001:0001:b000::2488 
Client IPV6 link local address Fe80::caa9:8b33 

Expire date Mon Aug 20 08:26:32 2003 
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4. Enter the following command to start pinging to the remote IPv6 address with IPv6 loaded: 


Tun6bind tunnel name 3f£f2:1001:0001:b000::2489 
3ffe:1001:0001:b000::2489 202.169.139.51 163.162.170.170 


If you are able to get the response from pinging, you know you are connected to 6Bone. 
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Frequently Asked Questions 


This chapter discusses the FAQs that the users and system administrators might have while using 
Novell® IPv6. 


Novell IPV6-Related FAQS 


Route Addition Failed 
Problem: While adding a route using the server console, I encountered the following error message: 
Route Addition Failed 
Action: Check the following: 
+ Check if the source and destination addresses are in IPv6 format. 


+ Ifthe gateway is a link local address, check if the gateway is postfixed with a % symbol, 
followed by the interface name. 


+ Check if the gateway is reachable or if the routing table has a route to reach the gateway. 


Unable to Ping 
Problem: I could not get any response when I entered ping6 at the server console. 


Action: Check if the end nodes have a route to each other in the routing table. 


Viewing All Addresses 
Problem: How do I see the list of all addresses? 


Action: Enter ip6config at the server console. 


Viewing the Destination Cache 
Problem: How do I see the Destination Cache? 


Action: Enter dc6list at the server console. 


Configured Addresses Not Visible 


Problem: When I enter ip6config at the server console, few of the configured addresses are suddenly not 
visible. 


Possible Cause: The lifetime advertised for the corresponding prefix by the router is very less. 


Action: Do the following: 
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1 Enter pf6list at the server console. 
A list of prefixes and their corresponding lifetimes is displayed. 


2 In the rtadvd.cfg file, correct the prefix for the router that is sending out the Router 
Advertisements. 


Support for Per-interface Hop Metrics 
Problem: Does the Novell IPv6 stack support per-interface hop metrics? 


Explanation: The Novell IPv6 stack does not support per-interface hop metrics. 


Record Name Mismatch 
Problem: In the configuration file, I have encountered a Record name mismatch. 
Action: Do the following: 
+ Check the interface name in the record. 
+ Enter config at the server console to see the actual interface. 


Action: When you enter [ Interface All ], check whether a space is missing before the closing 
bracket. 


Unable to Unload IPv6 nims 
Problem: How do I unload IPv6 nlm programs? 
Possible Cause: Applications like JSock.nlm, ping6.nlm and Sktcp6.nlm are still loaded on IPv6. 


Action: To unload IPv6 nlm programs, you need to unload the applications first. 


Pinging a Machine Using its IP4 and IPv6 Addresses 


Problem: Iam unable to ping a machine using its IPv4 address and ping (IPv4) and then ping the same 
machine with its IPv6 address and ping6. 


Action: Check the destination address in ping6. 


Configuring the Global Address 


Problem: During IPv6 initialization, it does not configure the global address automatically. Do I have to 
make any modification in the ip6.cfg file? 


Explanation:  IPv6 initialization does not configure the global address given in the ip6.cfg file. 


Action: Check the interface name. 


Unable to Bind IPv6 with a Driver 
Problem: I am unable to bind IPv6 with my driver. What is the syntax for binding the same? 
Action: Enter the following at the server console: 


bind ip6 driver name addr address len prefix length 


Pinging Using a IPv6 Machine 
Problem: How do I ping using an IPv6 machine? 


Action: Enter ping6 at the server console to get help. 
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Monitoring IPv6 Traffic 


Problem: Can I see the IPv6 traffic on the wire? 


Action: Enter sniffer at the server console with the Address_ type as Hardware and Protocol as IPv6/IP. 


Enabling Ip6router 
Problem: How do I enable ip6router? 
Action: In the ip6.cfg file, set the following parameter: 


Router Yes 


Unable to Ping6 an IPv6-enabled Machine 


Problem: I am unable to ping6 to an IPv6-enabled machine though it is on the same physical network. 


Action: Do the following: 
+ Check the cable. 


+ Check the destination address. 


Unbinding IPv6 From an Interface 
Problem: How do I unbind IPv6 from an interface? 
Action: Enter the following command at the server console: 


unbind ip6 interface name/driver name 


Disabling the IPv6 Stack 
Problem: How do I disable the IPv6 stack? 
Action: Unload ipv6.nlm. 


Enabling the 6to4 Option 
Problem: How do I enable the 6to4 option? 
Action: Do the following: 
1 In the sys:\etc\ip6.cfg file, under Interface All, set the following parameter: 
[ Interface All ] 
6to4 Yes 


2 Reinitialize the system. 


Viewing IPv6 Configuration Information 
Problem: Is it possible to view the IPv6 configuration information? 
Action: Enter ip6config at the server console. 


NOTE: Ipconfig does not show the entire IPv6 configuration. 
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Checking Whether IPV6 Is Running 
Problem: Can I do a quick check to see if IPv6 is up and running? 
Action: When you enter ip6config at the server console, it should show a loopback interface. 


Action: When you enter ping : : 1, you should get a response. 


Transition Mechanism Support 
Problem: What are the transition mechanisms that Novell IPv6 supports? 
Explanation: Novel IPv6 supports the following transition mechanisms: 
+ Dual stack 
+ Configured tunneling 
+ Automatic tunneling 


+ 6to4 


6to4 Relay 
Problem: Is 6to4 relay supported? 


Explanation: The Novell IPv6 stack supports 6to4 route configuration. It also supports 6to4 in the relay 
configuration if the required routes are manually set in the 6to4 relay router. 


Time out of Ping6 
Problem: While pinging (ping6) between two machines, communication stops between the two. 


Action: Check the reachable time advertised by the rtadvd.cfg file. 


Autoconfiguration by Host 
Problem: The router advertisements are sent but the host is not doing autoconfiguration. 
Action: Check the following: 
+ Autoconfiguration flag in the ip6.cfg file. 
+ M/O flag in the rtadvd.cfg file. 
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Documentation Updates 


May 9, 2005 


+ Updated the reference for Novell Netware IPv6 Administration Guide for OES. 


+ Added a section with Documentation Updates information. 
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